Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NPM Package Registry Returns 404 with upstream package-lock.json #21567

Open
Racer159 opened this issue Oct 23, 2022 · 0 comments
Open

NPM Package Registry Returns 404 with upstream package-lock.json #21567

Racer159 opened this issue Oct 23, 2022 · 0 comments
Labels
topic/packages type/bug

Comments

@Racer159
Copy link
Contributor

Description

The NPM package registry adds a /version in the URL that it uses to pull down the package tarball from the remote, and while this works when a repository has been configured to use Gitea alone, migrating projects back and forth from another registry (i.e. https://registry.npmjs.org/) requires you to delete (or otherwise update) the package-lock.json file for npm to resolve the package correctly.

Gitea Version

dcd9fc7

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

https://gist.github.com/Racer159/1f6a7d5ea64e76d0acc44c0b23606a3a

Screenshots

image

Git Version

2.38.0

Operating System

popOS 22.04

How are you running Gitea?

For this testing I was running it locally from a fresh copy built from main. Normally, however this server is ran inside of Kubernetes with the official Gitea chart (specifically https://dl.gitea.io/charts version: 6.0.1).

Database

SQLite
@Racer159 Racer159 mentioned this issue Oct 23, 2022
Merged
@lunny lunny added this to the 1.17.4 milestone Oct 24, 2022
lunny added a commit that referenced this issue Oct 24, 2022
@Racer159 @lunny
Allow for resolution of NPM registry paths that match upstream (#21568)
49a4464 
This PR fixes issue #21567 allowing for package tarball URLs to match
the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a
regex to parse the filename (which contains the NPM version) and does a
fuzzy search to pull it out. The regex was built/expanded from
http://json.schemastore.org/package,
https://github.com/Masterminds/semver, and
https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here:
https://regex101.com/r/OydBJq/5

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Racer159 added a commit to Racer159/gitea that referenced this issue Nov 8, 2022
@Racer159 @lunny
Allow for resolution of NPM registry paths that match upstream (go-gi…
32a5288 
…tea#21568)

Backport (go-gitea#21568)

This PR fixes issue go-gitea#21567 allowing for package tarball URLs to match
the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a
regex to parse the filename (which contains the NPM version) and does a
fuzzy search to pull it out. The regex was built/expanded from
http://json.schemastore.org/package,
https://github.com/Masterminds/semver, and
https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here:
https://regex101.com/r/OydBJq/5

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@Racer159 Racer159 mentioned this issue Nov 8, 2022
Merged
lunny added a commit that referenced this issue Nov 9, 2022
@Racer159 @lunny
Allow for resolution of NPM registry paths that match upstream (#21568)…
995ae06 
… (#21723)

Backport (#21568)

This PR fixes issue #21567 allowing for package tarball URLs to match
the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a
regex to parse the filename (which contains the NPM version) and does a
fuzzy search to pull it out. The regex was built/expanded from
http://json.schemastore.org/package,
https://github.com/Masterminds/semver, and
https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here:
https://regex101.com/r/OydBJq/5

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@lunny lunny modified the milestones: 1.17.4, 1.17.5 Dec 21, 2022
@lunny lunny removed this from the 1.17.5 milestone Mar 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic/packages type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lunny @KN4CK3R @Racer159